wchen342
commented
3 years ago Does it also happen with normal chromium?
Closed angelog0 closed 1 year ago
wchen342
commented
3 years ago Does it also happen with normal chromium?
angelog0
commented
3 years ago @wchen342 wrote:
Does it also happen with normal chromium?
I don't know. Where can I get normal Chromium for android?
Anyway, I tried with Brave with the same result. On another device with android 8 I can use Brave and ungoogled Chromium to browse ALL files in /sdcard/FOLDERS/ but not on the device with android 11!
wchen342
commented
3 years ago That looks like upstream issue. You can get chromium apk here: https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Android%2F870756%2Fchrome-android.zip?generation=1617928108530138&alt=media.
If it happens on that too, you need to report upstream at chromium bug tracker.
angelog0
commented
3 years ago It seems that under android 11 apps have to declare MANAGE_EXTERNAL_STORAGE permission in AndroidManifest.xml. The Chromium you suggest, Kiwi, Yandex, Brave, Bromite DO NOT HAVE that permission declared in their manifest. (The issue regards other apps too!)
wchen342
commented
3 years ago The permission only affect media files, also READ_EXTERNAL_STORAGE is enough, which is already declared. See https://developer.android.com/training/data-storage.
wchen342
commented
3 years ago In any case, this should definitely be fixed upstream. As I mentioned above, you need to open an issue on chromium issue tracker directly, and if they fix it then all downstream projects will be fixed too, including ungoogled-chromium, brave, bromite, etc.
angelog0
commented
3 years ago @wchen342 wrote:
In any case, this should definitely be fixed upstream. As I mentioned above, you need to open an issue on chromium issue tracker directly, and if they fix it then all downstream projects will be fixed too, including ungoogled-chromium, brave, bromite, etc.
They WontFix. See this.
wchen342
commented
3 years ago It is because you are not tested on vanilla chromium. You are on chromium issue tracker but the link you posted in the original post there points to a third party modification. You cannot report to one software with issues on another, even if they are related. You need to test on unmodified, original chrome/chromium, and report what happens to the issue tracker.
angelog0
commented
3 years ago But should be evident that also for vanilla builds the same issue occurs... I tested the ChromePublic.apk found in this ZIP https://commondatastorage.googleapis.com/chromium-browser-snapshots/Android/890858/chrome-android.zip, and it has the same issue. It is enough? What else one should do to proof that CHROMIUM and its flavors have this issue?
wchen342
commented
3 years ago Yes, you can reason that because ungoogled-chromium and other downstream projects all has the problem so that chromium may has the problem, but for chromium developers they can only attest to their own application, which is the vanilla chromium.
In the issue you linked above you didn't say you tested on chromium, because the link you wrote there (https://github.com/macchrome/droidchrome/releases/download/v90.0.4430.91-r857950-Ungoogled-And64/arm64_ChromePublic_HEVC-90.0.4430.91.apk) is not chromium. You need to post a new issue, saying that you tested on their orignal chromium and it has the same problem, and them maybe they will start to discuss the problem with you.
wchen342
commented
3 years ago I don't know whether they are still monitoring that thread as one of the members think it is irrelevant, but we will see.
I am kind of reluctant to add the permission in manifest directly though because if the permission is added it is global and cannot be toggled at runtime. It will be added for all other users who do not actually need to browser files locally which can potentially be a problem. @csagan5 What do you think?
csagan5
commented
3 years ago The Chromium you suggest, Kiwi, Yandex, Brave, Bromite DO NOT HAVE that permission declared in their manifest. (The issue regards other apps too!)
Is this true? How do they have the equivalent of MANAGE_EXTERNAL_STORAGE permissions on Android 11 without having it declared in the manifest?
I am kind of reluctant to add the permission in manifest directly though because if the permission is added it is global and cannot be toggled at runtime. It will be added for all other users who do not actually need to browser files locally which can potentially be a problem.
@uazo did some work on SAF for Bromite; READ_EXTERNAL_STORAGE is safer than MANAGE_EXTERNAL_STORAGE in case your browser is compromised and I guess that is why the latter is not granted on Android 11. If it were added, one should also add the prompt for using the permission and unfortunately apps cannot "give up" the permission, as far as I know, so implementing this only
"as needed" (e.g. when using the browser as a file manager) seems not possible.
wchen342
commented
3 years ago READ_EXTERNAL_STORAGE is already in the manifest (see https://github.com/chromium/chromium/blob/91e65752e5a1b163d47969d2c71a419fa12ac295/chrome/android/java/AndroidManifest.xml#L55), so I am actually not convinced permission is the only problem here. I think even if you can open the file it cannot load because of XSS policy like on desktop.
uazo
commented
3 years ago I'm not that experienced as you think... the only thing which I can add to the discussion is that chromium only allows access to certain directories, see
as it appears that the user has the files in file:///sdcard/mysite/ I think the problem may be the lack of preserveLegacyExternalStorage in the manifest, that works at least until the target becomes API-30
ref https://developer.android.com/training/data-storage/use-cases#opt-out-in-production-app https://developer.android.com/about/versions/11/privacy/storage#maintain-compatibility-android-10 https://developer.android.com/training/data-storage/use-cases#if_your_app_targets
READ_EXTERNAL_STORAGE is safer than MANAGE_EXTERNAL_STORAGE
sure, but I think that between the two it is better to have nothing! @angelog0 but couldn't you put the files in the primary / secondary download folder?
angelog0
commented
3 years ago @uazo wrote:
but couldn't you put the files in the primary / secondary download folder?
What do you mean? I can browse file:///sdcard/. It contains folders as
which I cannot browse: clicking or tapping on them, it tries to load but really hangs...
file:///sdcard/ contains also
which I can browse but only multimedia files are visible. The same with my folders (created with Termux):
For example, Books folder contains an opera.ogg (which I can read) and two folders, PDF and ePub. When I try to enter PDF or ePub, it hangs as described previously.
angelog0
commented
3 years ago BTW, with the File manager app I can explore internal storage/mysite and all files are visible. When click on index.html it proposes to open it with Chromium and Chromium opens it with this url: content://0@media/external/file/75 but only the text is visible not the pictures that the HTML contains. In the Settings this File manager app has access to ALL files; the other choices are only multimedia and Reiect: Chromium has only these last two choices..
uazo
commented
3 years ago ok, some more info. in my emulator the situation is this:
if I put the files in
file:////storage/emulated/0/Android/data/org.chromium.chrome.stable/files/Download I see:
and follow the link:
the same thing does not happens with the other download subdirectory:
this is the result
so the problem does not seem the permissions, but some filter applied by chromium
csagan5
commented
3 years ago
READ_EXTERNAL_STORAGEis already in the manifest
Yes, I am aware.
I think even if you can open the file it cannot load because of XSS policy like on desktop.
@wchen342 can you please elaborate more?
READ_EXTERNAL_STORAGE is safer than MANAGE_EXTERNAL_STORAGE
sure, but I think that between the two it is better to have nothing!
Then no downloads could ever be opened; I am not sure this would work well.
chromium only allows access to certain directories, see
If I remember correctly this part was changed relatively recently, with the introduction of SAF; @uazo we could have something like EnableAccessToAllFilesForTesting() toggled via flag, for users that want to use the browser as a file manager? (Assuming that MANAGE_EXTERNAL_STORAGE would not be needed anyways).
uazo
commented
3 years ago READ_EXTERNAL_STORAGE is safer than MANAGE_EXTERNAL_STORAGE
sure, but I think that between the two it is better to have nothing!
Then no downloads could ever be opened; I am not sure this would work well.
yes, I meant would be better to automatically removing that permission once it is no longer used, so that the user is prompted each time
we could have something like EnableAccessToAllFilesForTesting() toggled via flag
uhm .. wouldn't that be a sandbox hole? I remind you that it is quite easy to change user preferences from the outside for a rooted phone (like mine :)
thanks to this post, I also noticed that it is possible in bromite to download any file inside the application's private folder, is it perhaps something we have added unintentionally?
angelog0
commented
3 years ago @uazo wrote:
if I put the files in file:////storage/emulated/0/Android/data/org.chromium.chrome.stable/files/Download I see:
Shouldn't be /sdcard a link to /storage/emulated/0?
/sdcard/Android/data/... should be the same.
Any way, I can browse file:///storage/emulated/0/Android/. It has
.Trash/
data/
media/
obb/when I click on data it hangs.
From the File Manager I get:
Memoria interna>Android>data
Nessun file (No files)Are you sure you are on Android 11 no-routed device?
I want to point out that before the update to android 11 (from 9 or 10) ALL worked just fine!
On a device with android 8.1 I have no problems. On this device I can browse file:///storage/emulated/0/Android/data/ with no problems.
On both devices Chromium is installed from the same apk based on Bromite patches (see this expanded)
wchen342
commented
3 years ago I think even if you can open the file it cannot load because of XSS policy like on desktop. @wchen342 can you please elaborate more?
My impression was that the html page cannot load if it contains any javascript, because on desktop if you try to load any webpage with JS you will have an error in console saying Access to script at 'file:///.../....js' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https..
@uazo The differences between the two folders you see is probably because one is the private folder for chromium and the other is a public one? This has something to do with SAF. Also I believe html doesn't count as media file on Android.
angelog0
commented
3 years ago @wchen342 wrote:
My impression was that the html page cannot load if it contains any javascript,
No no.. The html file was written by me about 13 years ago with Emacs and contains only text. This issue regards ALL files which are not .jpg and similar. Also a simple text file .txt with "ciao" has the same fate: it is HIDDEN to Chromium and similar apps. All these apps have
permissions.
Instead other apps, like the file manager, for example, have the permissions
Recently I installed MuPDF Viewer and it has:
For example, the app LTE Cleaner is in the same situation of Chromium, and so in fact, it doesn't work.
ALL THIS ON ANDROID 11On the device with Android 8.1, these apps have the Archiving permission which when it is ON these apps have access to all files.
wchen342
commented
3 years ago Shouldn't be /sdcard a link to /storage/emulated/0?
It is a link, but it is possible chromium doesn't follow links. Judging from the code posted above by @uazo, chromium's internal path filter reads the nominal path and only allows /mnt/sdcard and /sdcard, so /storage/emulated/0 won't work. Also on Android the naming of the storages are deceptive. sdcard most of the times points to the internal storage of your phone, and /storage/{UUID of your sdcard volumn} is the path to your actual sd card.
Judging from the fact that you can see media files but not html files, it is probably not a permission issue because if it is, then you shall not be able to see any files at all. And the part that it hangs when entering some folders is likely caused by chromium itself.
Do you know how to capture logcat from Android? If you can get a log when you access different folders in file:///sdcard it can probably point to where the filtering happens.
kgwooo
commented
2 years ago Same issue...Although my android version is 10. For me this just started with ungoogled-chromium/bromite install. Previous I was using Vivaldi without this issue. This "file:///storage/emulated/0/localpage/index/html/" I wrote many years ago. I use it as a browser homepage. If I use a file manager to access this file, it will open with the default browser (ungoogled-chromium or bromite) but the address is now changed to "content://media/external/file/97"
PF4Public
commented
1 year ago This is an old issue, that didn't show much activity recently — closing. If you have any more information to add, let us know.
A few day go there was the upgrade from an older version of Android to the version 11. After this, the ungoogled Chromium I use on that device can access only to multimedia files. Usually I use it to browse my local files. I have a local site I used to open loading the
file:///sdcard/mysite/index.html. After the upgrade, theindex.htmlfile is no more visible and typing that URL does not resolve because that file is not accessible. All this is very annoying because for years I used the browser that way.It seems that the Android developers did so for security reasons.. it's like saying: don't eat otherwise you'll get diabetes, heart disease and so on...